Permalink
Browse files

Moved contrib.csrf.* to core code.

There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 8e70cef commit 7230a995ce81a7b8dd093bd03cc5ebd34106ee80 @spookylukey spookylukey committed Oct 27, 2009
@@ -300,7 +300,7 @@
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.contrib.csrf.middleware.CsrfViewMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
# 'django.middleware.http.ConditionalGetMiddleware',
# 'django.middleware.gzip.GZipMiddleware',
@@ -381,7 +381,7 @@
# Dotted path to callable to be used as view when a request is
# rejected by the CSRF middleware.
-CSRF_FAILURE_VIEW = 'django.contrib.csrf.views.csrf_failure'
+CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
# Name and domain for CSRF cookie.
CSRF_COOKIE_NAME = 'csrftoken'
@@ -60,7 +60,7 @@
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.contrib.csrf.middleware.CsrfViewMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
)
@@ -6,7 +6,7 @@
from django.contrib.admin import widgets
from django.contrib.admin import helpers
from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_ngettext, model_format_dict
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
from django.core.exceptions import PermissionDenied
from django.db import models, transaction
from django.db.models.fields import BLANK_CHOICE_DASH
@@ -3,8 +3,7 @@
from django.contrib.admin import ModelAdmin
from django.contrib.admin import actions
from django.contrib.auth import authenticate, login
-from django.contrib.csrf.middleware import csrf_response_exempt
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect, csrf_response_exempt
from django.db.models.base import ModelBase
from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
@@ -4,7 +4,7 @@
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm
from django.contrib.auth.tokens import default_token_generator
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
from django.core.urlresolvers import reverse
from django.shortcuts import render_to_response, get_object_or_404
from django.contrib.sites.models import Site, RequestSite
@@ -10,7 +10,7 @@
from django.views.decorators.http import require_POST
from django.contrib import comments
from django.contrib.comments import signals
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
class CommentPostBadRequest(http.HttpResponseBadRequest):
"""
@@ -5,7 +5,7 @@
from utils import next_redirect, confirmation_view
from django.contrib import comments
from django.contrib.comments import signals
-from django.contrib.csrf.decorators import csrf_protect
+from django.views.decorators.csrf import csrf_protect
@csrf_protect
@login_required
@@ -1,20 +0,0 @@
-from django.contrib.csrf.middleware import get_token
-from django.utils.functional import lazy
-
-def csrf(request):
- """
- Context processor that provides a CSRF token, or the string 'NOTPROVIDED' if
- it has not been provided by either a view decorator or the middleware
- """
- def _get_val():
- token = get_token(request)
- if token is None:
- # In order to be able to provide debugging info in the
- # case of misconfiguration, we use a sentinel value
- # instead of returning an empty dict.
- return 'NOTPROVIDED'
- else:
- return token
- _get_val = lazy(_get_val, str)
-
- return {'csrf_token': _get_val() }
@@ -1,10 +0,0 @@
-from django.contrib.csrf.middleware import CsrfViewMiddleware
-from django.utils.decorators import decorator_from_middleware
-
-csrf_protect = decorator_from_middleware(CsrfViewMiddleware)
-csrf_protect.__name__ = "csrf_protect"
-csrf_protect.__doc__ = """
-This decorator adds CSRF protection in exactly the same way as
-CsrfViewMiddleware, but it can be used on a per view basis. Using both, or
-using the decorator multiple times, is harmless and efficient.
-"""
Oops, something went wrong. Retry.

0 comments on commit 7230a99

Please sign in to comment.